It's no secret that security operations centre (SOC) analysts are becoming buried in more security data on a daily basis and, without the right tools, identifying critical security insights and making the right recommendations in an efficient or effective manner is next to impossible. As attack methods continue to evolve and multiply, the only chance of organisations staying a step ahead is to enable their SOC with the most powerful toolset possible.
There is one tactic that has proven to be particularly effective in the battle for cybersecurity - threat intelligence. Doing its job before an attack is actually executed, threat intelligence allows organisations to both avert and mitigate developing security threats before they are able to have a negative impact, with regards to both security and costs.
In 2014 there came a new era of corporate liability linked to cyber-insecurity. In the United States, shareholder lawsuits were instituted against both Wyndham and Target for failing to deploy adequate cyber-security measures, alleging that the breaches constituted gross mismanagement. In Target's 2016 annual financial report, they reported the total cost of the breach was US$ 292 million (£217 million).
Examples such as these underline the importance of organisations having the best defences in place to mitigate the expensive consequences of cyber-attacks. Recently, there has been an increase in the use of threat intelligence to mitigate such cyber-threats, consequently saving organisations money. In its 2016 annual data breach report, the Ponemon Institute highlighted raising costs of data breaches, and the fact that the majority of recent breaches can be traced to malicious attacks. The 2017 report then announced that the average consolidated cost of a data breach is US $3.62 million (£2.75 million).
The huge costs of breach response and the increasing prevalence of hacker-based attacks, stress the value that prevention techniques such as threat intelligence offers in identifying dangers and avoiding breaches before they occur. This year's Ponemon Institute data breach report identified a number of factors that reduced the average US$ 141(£105) per-record costs of a data breach. The report highlights that having an incident response team can reduce this by US$ 19.30 (£14.40) per record.
Pre-empting security threats
Threat intelligence does not directly enhance an organisation's security profile or decrease cyber-risk. Instead, it enables better allocation of security resources in a more powerful and evidence-based way.
Despite saving organisations money in the long-term due to preventing data breaches and the drastic consequences that stem from them, threat intelligence still does take time and effort. As there is currently a lot of hype around threat intelligence it may seem like companies can just “flip a switch” and “do threat intelligence”. In fact, an SC Media survey of information security professionals showed that 43 percent expect threat intelligence to offer an “early warning of new threats and tactics” immediately and with minimal effort. However, it takes more than that.
Once a threat intelligence strategy is in place and has been budgeted for, threat intelligence has a lot to offer, nevertheless, it must be carefully applied and budgeted for accordingly. It is a cycle of identifying relevant risks and applying that intelligence to address them. This in turn influences how businesses make investments in other elements of their information security strategy.
Threat intelligence within a security strategy
Recent research conducted by SC Media revealed that 46 percent of security professionals expected threat intelligence to be a core component of their strategy in 2017. It is of course extremely valuable for organisations to identify malicious traffic and have the ability to instantly respond, however, threat intelligence is best utilised when organisations effectively incorporate it into their overall security strategy. The best way to do this is to keep it simple. Starting out with clear objectives as well as taking the time to identify the appropriate technologies and connect with the providers to help them reach these objectives, will facilitate simple and cost-effective threat intelligence.
When it comes to preventing costs resulting from external dangers such as cyber-attacks and data breaches, organisations must spend money (and resources) in order to save money. Implementing threat intelligence is no exception. By factoring in security defence measures into their security budget, organisations will be able to be confident that in the long run, their security budget will remain intact, and they will have drastically reduced the chance of surprise costs due to a lack in security.
Contributed by Chris Pace, Technology Advocate at Recorded Future
*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media or Haymarket Media.